In case you've never heard of the guy, Joel Spolsky is a software developer living in New York. He's worked for Microsoft in the past and today runs his own company called Fog Creek Software. He has his own weblog, Joel on Software, where he regularly writes about software project management issues.

Hrm -- I thought Moz trated all HTML as 'insecure', and that's how it avoided the sort of security problems you see in IE. Anyway, most devs will probably use the ESC Trusted Sites workaround described.